Вопрос
I'm developing SOAP web services using spring-ws framework and it is required to implement authentication for web service access.I'm trying to implement token based authentication as follows.
There is a separate web method to user authentication. If user credentials are valid, system generated token will be returned to the client. Token will have limited validity period.
When user accessing rest of the web methods, its required to provide username with the valid token which is returned by the authentication method.
Once the token expired, user need to get the valid token again and again through the authentication web service.
Please advice, what are the available methods in spring framework to implement such a scenario. Since I'm newer to spring web-service security, its better if I can have simple guideline on how to implement.
Thank you.
Решение
Here you can use Wss4jSecurityInterceptor - an EndpointInterceptor which can be used to perform security operations on request messages (of course before calling the Endpoint)
https://stackoverflow.com/questions/18912673
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="validationActions" value="UsernameToken Encrypt" />
</bean>
